[Opendnssec-user] Running signer with zone fetcher

Antti Ristimäki aristima at csc.fi
Tue Oct 13 15:00:25 UTC 2009

On Mon, 12 Oct 2009, Matthijs Mekking wrote:
Hi Matthijs,

Just for your information, I now managed to make the zone fetcher work. 
The reason was that a local firewall filter blocked the UDP response 
packets coming from the hidden master. That's why the zone fetcher failed 
to query for the SOA serial.

Sorry for unnecessary harm and thanks for your help!

Best regards,

> Antti Ristimäki wrote:
>> Hi Matthijs,
>> Yes, the server is reachable on port 8054 and AXFR query with dig, for
>> example, works. The zone fetcher will obviously use the <NotifyListen>
>> address as a source address when querying for AXFR?
> No. The NotifyListen is only for listening to NOTIFY messages. When
> quering for AXFR, a new socket will be created that can have a different
> address structure. I think you request a feature to set the outgoing
> interface for AXFR?
> Best regards,
> Matthijs

More information about the Opendnssec-user mailing list